As shown above, does revealing the MD5 (or some other HMAC) of the key weaken the scheme?

I would like to specifically catch the case where the keys (encryption vs. decryption) don't match, as opposed to decrypting the ciphertext with the wrong key and then 'discovering' that md5(text) doesn't match the text, and so declaring a corrupted security packet.

1 Answer

Theoretically, MAC algorithms may reveal part of their input data, because confidentiality is not part of their root characteristics. In practice, though, HMAC is safe for that. Similarly, a hash function does not reveal much about its input because it would make it more vulnerable to preimage attacks, and good hash functions are strong against that.

If you want to use the hash of the key as a key identifier, I suggest having a look at this previous question and its answers.

You appear to encrypt the concatenation of MD5(text) and text, which looks like a homemade MAC. "Homemade" is rarely a good sign. Combining encryption and MAC properly is not easy. If you really want to define your own format, you should strive to, at least, use an encryption mode which includes a MAC in a well-studied construction; this points at EAX or GCM. (Speaking of which: Blowfish, MD5... it seems that whatever sources you use to know how to do cryptography are a bit dated (15 to 20 years). In computers, 15 years are a lot.)

Thank you for the hint, I did not realize the important difference between a MAC and md5/sha1 is that the MAC is a keyed hash. I will do the Encrypt-then-MAC scheme. I am using the openssl library.
– boo9 Apr 10 '13 at 21:09
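The packet layout the answer and the comment point toward, as an added example that is not part of the original post and not the OpenSSL code the commenter uses: one master key is split with HKDF into independent encryption and MAC subkeys, each packet carries a short keyed-hash key identifier (an HMAC of the key under a fixed label, rather than MD5 of the key), and the receiver checks that identifier and then the HMAC tag before touching the ciphertext, so "wrong key" and "corrupted packet" are reported as two distinct outcomes. The cipher itself is an assumption: a CTR-style keystream built from HMAC-SHA256 stands in for AES-CTR so that the example runs on the Python standard library alone; the packet field names and sizes are likewise my own.

```python
import hmac
import hashlib
import os
import struct

# Added example, not from the original post. Packet layout (an assumption):
#   key_id (8) || nonce (16) || ciphertext || HMAC-SHA256 tag (32)
# The HMAC-based keystream below stands in for AES-CTR so the code needs
# nothing outside the standard library.

KEY_ID_LEN = 8
NONCE_LEN = 16
TAG_LEN = 32


class KeyMismatch(Exception):
    """The packet was sealed under a different master key."""


class BadTag(Exception):
    """The MAC did not verify: the packet is corrupted or tampered with."""


def hkdf_sha256(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF with SHA-256: extract, then expand with a label."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def key_id(master_key: bytes) -> bytes:
    """Public key identifier: a truncated keyed hash of the key, not MD5(key)."""
    return hmac.new(master_key, b"key-id", hashlib.sha256).digest()[:KEY_ID_LEN]


def _subkeys(master_key: bytes):
    """Independent encryption and MAC keys derived from one master key."""
    return (hkdf_sha256(master_key, b"enc", 32), hkdf_sha256(master_key, b"mac", 32))


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: HMAC-SHA256(enc_key, nonce || counter), block by block."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(master_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the key id, the nonce and the ciphertext."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = key_id(master_key)
    tag = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    return header + nonce + ct + tag


def open_packet(master_key: bytes, packet: bytes) -> bytes:
    """Check the key id, then the tag, and only then decrypt."""
    if len(packet) < KEY_ID_LEN + NONCE_LEN + TAG_LEN:
        raise BadTag("packet too short")
    header, rest = packet[:KEY_ID_LEN], packet[KEY_ID_LEN:]
    if not hmac.compare_digest(header, key_id(master_key)):
        raise KeyMismatch("packet was sealed under a different key")
    nonce, ct, tag = rest[:NONCE_LEN], rest[NONCE_LEN:-TAG_LEN], rest[-TAG_LEN:]
    enc_key, mac_key = _subkeys(master_key)
    expected = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise BadTag("MAC verification failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def classify(master_key: bytes, packet: bytes) -> str:
    """Label the three outcomes a receiver wants to tell apart."""
    try:
        open_packet(master_key, packet)
        return "ok"
    except KeyMismatch:
        return "key-mismatch"
    except BadTag:
        return "bad-tag"


if __name__ == "__main__":
    k1, k2 = os.urandom(32), os.urandom(32)
    pkt = seal(k1, b"security packet payload")
    print(classify(k1, pkt), classify(k2, pkt))
    damaged = bytearray(pkt)
    damaged[KEY_ID_LEN + NONCE_LEN] ^= 0x01
    print(classify(k1, bytes(damaged)))
```

Two design points worth noting: the key identifier is covered by the MAC, so an attacker cannot swap it to steer a packet at a different key without also failing the tag, and the subkeys are derived with distinct labels so the same master key is never used both to encrypt and to authenticate. A real deployment would use AES-GCM or EAX from OpenSSL in place of the hand-rolled keystream and keep only the key-id idea from this example.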